
Hello GeekPolice, I have been encountering a recurring Trojan:JS/Redirector.CR since last April 20 and it keeps re-appearing every day even if my Microsoft Security Essentials keeps detecting it and deleting it.

History: A month ago I was infected by Vista Security 2010 Antivirus and it took over my Security Center and created a fake security center, displaying fake alerts that I am being hacked, have different viruses and prompting to a website that I need to buy the Vista Security 2010 Antivirus. I was able to remove it and restore my original security center by following the instructions at bleepingcomputer.com and downloaded Malwarebytes.

I was OK for about 3 weeks and then my antivirus detected that I am infected by many types of Trojan virus. Since my anti-virus detected them and removed them, I thought the problem was fixed. I never encountered the re-appearance of Trojan for one week until end of March, when something weird was happening with my laptop. My friends emailed me because they received an email from me (with links on the email) and asked me if I sent the e-mail. I told them I didn't send the email, it looks like my yahoo mail is hacked or something. What scares me is that I checked my sent items but the email received by my friends is not there, but I noticed that all my 2009-2010 sent items are all gone and I didn't delete them, nor is there any setting of automatic delete. And if there is a setting of automatic delete, it should delete the older sent items, not the recent items. The 2009-2010 were deleted but the 2008 are still there. At that time every time I opened my yahoo mail an md.ph file kept appearing saying "You have chosen to open md.php which is a php file from from mail.yahoo.com". Of course I kept choosing the cancel button. I ran Malwarebytes again to be sure and the popping md.ph file from yahoo was gone.

I thought I was OK but after 2 weeks, last April 20, I keep receiving one type of Trojan, that is the Trojan:JS/Redirector.CR, and my antivirus (Microsoft Security Essentials) keeps detecting it, keeps removing it, but since April 20 until a while ago the Trojan:JS/Redirector.CR keeps re-appearing every day. Please help me with my problem, Trojan keeps re-infecting my laptop and I still do not know if I am being hacked.

I cannot post the OTL.txt because I am getting an error "The posted message is too big." even if I tried posting it to 2 different quick replies. Any suggestion on how to post this txt file here? Thanks

Last edited by kelly2010 on 25th April 2010, 9:59 pm; edited 2 times in total

Error - 4/25/2010 12:33:58 AM | Computer Name = Raquel | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0019D23673C2. The following error occurred: %%258. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

Click the red Run Fix button.

A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Quick Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.